CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20763 matches found

Positive Technologies•added 2026/03/19 12:0 a.m.•3 views

PT-2026-26303

Name of the Vulnerable Software and Affected Versions Salvo versions 0.39.0 through 0.89.2 Description Salvo, a Rust web framework, contains a Path Traversal and Access Control Bypass issue within its salvo-proxy component. An unauthenticated attacker can bypass proxy routing constraints and acce...

7.5CVSS6AI score0.00565EPSS

Exploits1References11

Positive Technologies•added 2026/03/19 12:0 a.m.•4 views

PT-2026-26301

Summary The listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating .mp4 filenames and...

4.3CVSS6.1AI score0.00418EPSS

Exploits1References7

Positive Technologies•added 2026/03/19 12:0 a.m.•5 views

PT-2026-26470

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

7.5CVSS5.9AI score0.00688EPSS

Exploits1References8

CNNVD•added 2026/03/19 12:0 a.m.•5 views

OpenEMR 路径遍历漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained a path travers...

6.5CVSS6.4AI score0.00549EPSS

Exploits1References2

Positive Technologies•added 2026/03/19 12:0 a.m.•3 views

PT-2026-26331

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

6.5CVSS6.6AI score0.00549EPSS

Exploits1References5

CNNVD•added 2026/03/19 12:0 a.m.•3 views

SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions prior to SuiteCRM 7.15.1 and 8.9.3 contained security vulnerabilities. These vulnerabilities stemmed from the actionexportCustom function in modules/ModuleBuilder/controller.php, which failed to properl...

4.9CVSS5.8AI score0.00329EPSS

Exploits0References2

Positive Technologies•added 2026/03/19 12:0 a.m.•2 views

PT-2026-26471

Summary The deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete arbitrary files on the server, including critical application file...

8.1CVSS6AI score0.00505EPSS

Exploits1References8

Positive Technologies•added 2026/03/19 12:0 a.m.•5 views

PT-2026-26436

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the action exportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

4.9CVSS5.8AI score0.00329EPSS

Exploits0References5

Tenable Nessus•added 2026/03/19 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-31972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The mpileup command outputs DNA sequences that have been aligned agains...

9.8CVSS5.7AI score0.00516EPSS

Exploits0References3

Tenable Nessus•added 2026/03/19 12:0 a.m.•6 views

Debian dla-4503 : evolution-data-server - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4503 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS5.9AI score0.00189EPSS

Exploits0References4

Tenable Nessus•added 2026/03/19 12:0 a.m.•6 views

Amazon Linux 2 : gvfs, --advisory ALAS2-2026-3197 (ALAS-2026-3197)

The version of gvfs installed on the remote host is prior to 1.36.2-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3197 advisory. A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP...

4.3CVSS6.5AI score0.0036EPSS

Exploits2References6

OSV•added 2026/03/18 9:16 p.m.•2 views

DEBIAN-CVE-2026-31972

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The mpileup command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that position obtained fr...

9.8CVSS5.3AI score0.00516EPSS

Exploits0References1

NVD•added 2026/03/18 9:16 p.m.•4 views

CVE-2026-31972

9.8CVSS0.00516EPSS

Exploits0References3

UbuntuCve•added 2026/03/18 9:16 p.m.•2 views

CVE-2026-31972

9.8CVSS5.7AI score0.00516EPSS

Exploits0References4

OSV•added 2026/03/18 9:16 p.m.•3 views

UBUNTU-CVE-2026-31972

9.8CVSS5.8AI score0.00516EPSS

Exploits0References5

CVE•added 2026/03/18 8:32 p.m.•10 views

CVE-2026-31972

SAMtools mpileup contains a memory-management bug where reference data could be discarded too early, causing use-after-free reads. This could leak information about program state and may crash the process. The issue is fixed in SAMtools versions 1.21.1 and 1.22. No exploit details are provided in...

9.8CVSS5.7AI score0.00516EPSS

Exploits0References3Affected Software1